🔄 When to update application dependencies?
Cliff Brake June 18, 2025 #release

Most modern languages (Node.js, Python, Rust, Go, Zig, Elm, etc.) have their own package manager. So when should we update package dependencies? How about at the beginning of every PR cycle? I'm working on making this my standard practice when starting a new feature in an application -- first, update all dependencies. There are several advantages to this flow:
- Updating frequently means you are dealing with small changes.
- Updating at the start of a dev cycle also gives you a standard time to do this. Otherwise, things like updating dependencies tend to get neglected.
- Updating at the start of a dev cycle (vs end) gives you some time to exercise new modules during development before merging.
- You automatically get security updates without having to track these too closely.
- It feels right.
This also requires good tests, so that you can update with confidence. There might also be an issue on a team if multiple developers are updating dependencies at the same time, so in larger teams, perhaps one person or an automated process should do this. The key thing is that it does get done, and that the needed automation is implemented to make this easy.
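
One way to automate the flow described above (update first, then let the tests decide), as an added example that is not the author's own script. The function names `detect_plan` and `update_deps` are hypothetical, and the per-ecosystem commands are an assumed choice that covers only Rust, Go and Node.js projects.

```shell
#!/bin/sh
# Added example: update dependencies first, keep the result only if tests pass.

# Print "update cmd|test cmd|files to snapshot" for the project in $1.
# Covers only Rust, Go and Node.js; the command choice is an assumption.
detect_plan() {
    if [ -f "$1/Cargo.toml" ]; then
        echo "cargo update|cargo test|Cargo.lock"
    elif [ -f "$1/go.mod" ]; then
        echo "go get -u ./... && go mod tidy|go test ./...|go.mod go.sum"
    elif [ -f "$1/package.json" ]; then
        echo "npm update|npm test|package.json package-lock.json"
    else
        return 1
    fi
}

# update_deps DIR [UPDATE_CMD TEST_CMD FILES]
# Returns 0: updated and tests pass; 1: failed, files restored; 2: unknown project.
update_deps() {
    dir=$1
    if [ $# -ge 4 ]; then
        update_cmd=$2; test_cmd=$3; files=$4   # explicit override
    else
        plan=$(detect_plan "$dir") || { echo "no known manifest in $dir" >&2; return 2; }
        update_cmd=${plan%%|*}; rest=${plan#*|}
        test_cmd=${rest%%|*}; files=${rest#*|}
    fi
    backup=$(mktemp -d) || return 2
    for f in $files; do
        if [ -f "$dir/$f" ]; then cp -p "$dir/$f" "$backup/$f"; fi
    done
    if (cd "$dir" && sh -c "$update_cmd" && sh -c "$test_cmd"); then
        rm -rf "$backup"
        return 0
    fi
    # Update or tests failed: put the old manifests back so work starts clean.
    for f in $files; do
        if [ -f "$backup/$f" ]; then
            cp -p "$backup/$f" "$dir/$f"
        else
            rm -f "$dir/$f"
        fi
    done
    rm -rf "$backup"
    return 1
}
```

Run `update_deps .` from the project root on a fresh feature branch; exit status 0 means the updated manifest and lockfile are ready to commit, and status 1 means they were restored and the failing update needs a closer look.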